Computer Security Seminar: Protect your internet account information
Upcoming SlideShare
Loading in...5
×
 

Computer Security Seminar: Protect your internet account information

on

  • 174 views

Slides from the Computer Security seminar presented by the Epiphany Technology Committee on 21 April 2014.

Slides from the Computer Security seminar presented by the Epiphany Technology Committee on 21 April 2014.

Statistics

Views

Total Views
174
Views on SlideShare
102
Embed Views
72

Actions

Likes
0
Downloads
1
Comments
0

1 Embed 72

http://www.churchofepiphany.com 72

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Computer Security Seminar: Protect your internet account information Computer Security Seminar: Protect your internet account information Presentation Transcript

  • Online Safety & Security April-May 2014 Epiphany Technology Committee Jeff Squyres, Jim Cabral
  • Clickable links to additional information are included at the end of this presentation
  • Agenda ● Why Should I Care About Security? ● Who Is Attacking Me? ● What Do I Need to Protect? ● What Can Happen? ● What Increases My Risk? ● How Can I Protect Myself? ● What If I Get Hacked?
  • Disclaimer ● We’re Just Trying to Help ● Don’t blame us if things go bad ● We’re volunteers (with day jobs)
  • Why Should I Care About Security? “Just like any other public environment, the Internet requires awareness and caution. Just as you use locks to keep criminals out of your home, you also need safeguards to secure your computer. Many of the crimes that occur in real life are now done - or at least facilitated - through the Internet. Theft, abuse, and more can be and are being done online. Many scammers target older Americans via emails and websites for charitable donations, dating services, auctions, health care, and prescription medications.” US Department of Homeland Security.
  • The “Heartbleed” bug
  • The “Heartbleed” bug: Fun facts ● Only 38% of users have changed their passwords ○ 6% have changed all ○ 16% changed “some” ○ 16% changed “a few”
  • The “Heartbleed” bug ● The Internet depends on encryption ○ “https” → S = secure (encryption) ○ Encryption between computers Encrypted connection
  • The “Heartbleed” bug ● This encryption is known as “SSL” ○ “Secure Sockets Layer” SSL encrypted connection
  • The “Heartbleed” bug ● ⅔ of web sites use the same software for SSL ○ OpenSSL SSL encrypted connection Open SSL
  • ● Software bug in OpenSSL since March 2012 The “Heartbleed” bug Open SSL
  • ● Software bug in OpenSSL since March 2012 The “Heartbleed” bug Open SSL
  • The “Heartbleed” bug It’s like walking through a crowded restaurant with a video camera. Joe Smith: your total is $98.17Here’s my credit card Please log me in; my username is “bobcat371”, my password is “LouCardsRule” You catch snippets of conversations and images. Most aren’t important. But some are.
  • ● Most web sites have fixed the problem ○ It is now safe to go change all your passwords ● You can’t know if your password was stolen ○ (there was no way to track the guy with the video camera) The “Heartbleed” bug
  • Who Is Attacking Me? Albert Gonzales: stole 170M credit / ATM cards from TJ Maxx
  • Who Is Attacking Me? Nigerian (“419”) scammers Also related: ● Guaranteed loan/credit scams ● Lottery scams ● Overpayment / refund scams ● Disaster relief scams ● Travel scams ● Tech/computer help scams
  • Who Is Attacking Me? Dating, foreign bride, sex scams
  • Who Is Attacking Me? State-sponsored
  • “I’m not important” ● “No one cares about my Facebook account…” ● Wrong ○ They care a lot
  • “I’m not important” ● They’ll use the same username / password to login elsewhere ● They’ll impersonate you
  • What Do I Need to Protect?
  • What Can Happen?
  • Identity and Data Theft
  • Surveillance/Spying
  • Inappropriate Content Your child
  • What Increases My Risk?
  • Poor Passwords ● Simple passwords ● Old or reused passwords ● Lack of 2-factor authentication
  • “Do I really need a different password on every web site?” Yes (sorry)
  • “But I can’t remember all those passwords!” ● Use a password-keeper program ● Two good ones: ○ LastPass ○ DashLane ● Both are “Freemium”
  • Sidenote: What is 2-factor authentication? 1. Something you know ○ Your password 2. Something you have ○ Your cell phone
  • Sidenote: What is 2-factor authentication? Login: bobcat371, LouCardsRule
  • Sidenote: What is 2-factor authentication? Text bobcat371’s phone: code is 998321 This code changes every time
  • Sidenote: What is 2-factor authentication? Text bobcat371’s phone: code is 998321 This code changes every time What’s the code?
  • Sidenote: What is 2-factor authentication? Text bobcat371’s phone: code is 998321 bobcat371, code is 998321 This code changes every time
  • Sidenote: What is 2-factor authentication? You’re logged in!
  • Why is that useful? Text bobcat371’s phone: code is 796537 Login: bobcat371, LouCardsRule
  • Why is that useful? Text bobcat371’s phone: code is 796537 What’s the code?
  • Why is that useful? Text bobcat371’s phone: code is 796537 Uh...
  • Why is that useful? Text bobcat371’s phone: code is 796537 Uh...
  • Who supports 2-factor?
  • Who supports 2-factor? These are only a few Many more support 2-factor authentication Check your favorite web sites to see if they support 2-factor authentication
  • Back to: What Increases My Risk?
  • Unpatched Software ● Windows and MacOS ● Applications (PDF, Office) ● Mobile phones, tablets ● Web Servers (Heartbleed) ● Others (Java)
  • Insecure Configurations ● Software not set to auto- update ● Open home WiFi
  • “I’m not important” ● “No one cares about my home wifi network” ● Wrong They care a lot
  • Wifi reaches outside of your home
  • With protected wifi Your home / wifi Bad guy can’t get in your network
  • With protected wifi Your home / wifi Bad guy connects from the street -- he’s in your network!
  • Unprotected wifi “Unprotected wifi is not only like leaving your front door unlocked; it’s like leaving it wide open with a ‘Welcome’ mat out front.”
  • How Can I Protect Myself?
  • Use Safe Online Behaviors ● Change ALL your passwords now ○ Use complex, unique passwords for each site ● Avoid suspicious emails, messages, websites and public WiFi ○ If it’s too good to be true, it probably is ● Monitor your credit cards
  • Get Help to Setup Security ● Set phones, tablets and computers to auto update ● Back up critical information ● Encrypt your home WiFi (use WPA2)
  • Get Help to Setup Security
  • Get Help to Setup Security Everyone’s setup is different; we can’t help you in this seminar Get personal or professional help
  • What If I Get Hacked? Good Response Better Response
  • Recap ● The internet is a dangerous place ○ BUT IT IS MANAGEABLE! ○ Be sensible, be safe ○ Stop. Think. Connect.
  • Recap ● You can take actions NOW to protect yourself ○ Change ALL your passwords ■ Use good passwords ■ Get a password keeper ■ Setup 2-factor where possible ○ Ensure your firewall / anti-virus is up to date ○ Upgrade away from Windows XP ○ Set all your software to auto-update ○ Protect your home wifi ○ Setup off-site backups
  • Questions?
  • Helpful links ● STOP. THINK. CONNECT.: From the Dept. of Homeland Security ○ http://stopthinkconnect.org ● Malwarebytes: Handy PC software to remove viruses ○ A good second line of defense ○ https://www.malwarebytes.org/ ● Lastpass: Password keeper ○ https://lastpass.com/ ○ They also run a Hearbleed checker: https://lastpass.com/heartbleed ● Free annual credit report: From the US government ○ https://www.annualcreditreport.com/ ● XKCD: Simple cartoon showing how Heartbleed works ○ http://imgs.xkcd.com/comics/heartbleed_explanation.png
  • Helpful links ● OpenDNS: Parental controls for filtering web sites at home ○ http://www.opendns.com/ ● Microsoft Family Safety: ○ https://familysafety.live.com/ ● Reporting Computer Crime: ○ http://www.justice.gov/criminal/cybercrime/reporting.html
  • Thank you!